Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-12646
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a login name, password, or e-mail address.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2017-12647
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a Knowledge Base article title.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2017-12648
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a bookmark URL.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2017-12649
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2016-10404
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2016-3670
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay prior to 7.0.0 CE RC1 allows remote malicious users to inject arbitrary web script or HTML via the FirstName field.
Liferay Liferay Portal
1 EDB exploit
5.9
CVSSv3
CVE-2022-42132
The Test LDAP Users functionality in Liferay Portal 7.0.0 up to and including 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and previous versions, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when pag...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.0
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.9
CVSSv3
CVE-2021-29043
The Portal Store module in Liferay Portal 7.0.0 up to and including 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows malicious users to steal...
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Dxp 7.3
Liferay Liferay Portal
5.4
CVSSv3
CVE-2024-25145
Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 up to and including 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older u...
Liferay Dxp 7.2
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Dxp
Liferay Liferay Portal
5.4
CVSSv3
CVE-2023-42627
Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 up to and including 7.4.3.91, and Liferay DXP 7.3 update 33 and previous versions, and 7.4 before update 92 allow remote malicious users to inject arbitrary web script or HTM...
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »